
Generic Remote File Inclusion Attack Detection

"A big challenge for identifying web application attacks is to
detect malicious activity that cannot easily be spotted using
signatures. Remote file inclusion (RFI) is a popular technique used to
attack web applications (especially PHP applications) from a remote
server. RFI attacks are extremely dangerous as they allow a client
to force a vulnerable application to run their own malicious code by
including a reference pointer to code from a URL located on a remote
server. When an application executes the malicious code it may lead to
a backdoor exploit or technical information retrieval.

The application vulnerability leading to RFI is a result of insufficient
validation on user input. In order to perform proper validation of
input to avoid RFI attacks, an application should check that user input
doesn’t contain invalid characters or reference to an unauthorized
external location. Or Katz, who is the WebDefend signature team lead at
Breach Security, recently gave a presentation at the OWASP Local Chapter meeting in Israel, and Breach Security Labs has since released a whitepaper based on his research. I would like to highlight a few of the detection items that were presented."

Read more: http://tacticalwebappsec.blogspot.com/2009/06/generic-remote-file-inclusion-attack.html
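
The input check described in the quoted excerpt (no invalid characters, no reference to an unauthorized external location) can be sketched as follows. This is an added example, not code from the linked post or the whitepaper; the allow-listed hosts, the function names and the sample request lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: the only external hosts this application may reference.
ALLOWED_HOSTS = {"www.example.com", "static.example.com"}
SCHEME_RE = re.compile(r"(?:https?|ftps?)://", re.IGNORECASE)
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_request(request_uri):
    """Return a list of (parameter, reason) findings for one request URI."""
    findings = []
    query = urlsplit(request_uri).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = fully_decode(raw)
        if CONTROL_RE.search(value):
            findings.append((name, "invalid control character"))
        match = SCHEME_RE.search(value)
        if match:
            try:
                host = (urlsplit(value[match.start():]).hostname or "").lower()
            except ValueError:
                host = "<unparseable>"
            if host not in ALLOWED_HOSTS:
                findings.append((name, "external reference: " + host))
    return findings

# Constructed sample request lines (not taken from real traffic).
SAMPLE_REQUESTS = [
    "/index.php?page=news&lang=en",
    "/index.php?page=http://files.invalid/inc.txt",
    "/index.php?page=hTTp%253A%252F%252Ffiles.invalid%252Finc.txt",
    "/go.php?next=https://www.example.com/home",
    "/index.php?page=about%00.html",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(line, "->", inspect_request(line) or "clean")
```

Because the check looks at the decoded parameter value and the host it references rather than at a known payload string, it does not depend on a per-exploit signature.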